Zone Based Firewall

Discussion in 'Routing & Switching' started by Robt800, May 25, 2011.

  1. Robt800

    Robt800 Bit Poster

    I've been tasked with setting up a ZFW on a Cisco 877. I've read quite a few articles on it, and it seems pretty simple: a nice 5-step plan!

    Something isn't quite right: when I implement the firewall, no traffic comes through!

    Starting to go round in circles a little - would someone mind having a look over my config please?

    Thanks

    Rob
     

  2. cisco lab rat

    cisco lab rat Megabyte Poster

    Hi

    Did you write these rules manually?

    Cheers

    Joe
     
    Certifications: Yes I pretty much am!!
    WIP: Fizzicks Degree
  3. Robt800

    Robt800 Bit Poster

    Yes. Wasn't sure if I needed the zone-pairs involving the 'self zone', but put these in when I still didn't have traffic flow.

    Cheers

    Rob
     
  4. cisco lab rat

    cisco lab rat Megabyte Poster

    I normally use SDM to configure the ZBF then tweak as required. I find doing it manually a right royal pain.

    Do you know which traffic you want to:
    pass
    drop
    inspect
    from the inside to outside zone?

    Which traffic do you want to:
    pass
    drop
    inspect
    from the outside to the inside?

    Cheers

    Joe
     
    Certifications: Yes I pretty much am!!
    WIP: Fizzicks Degree
  5. Robt800

    Robt800 Bit Poster

    Yep, basically pass the following (incoming & outgoing):
    https
    3389
    smtp

    Then block everything else

    Cheers

    Rob
     
  6. Robt800

    Robt800 Bit Poster

    A little bit more info: as soon as I add 'match protocol tcp' to the class-maps, hey presto, the ports open. Problem is it opens up everything else! I.e. it's then only the NATting that offers any security.

    Any suggestions please?
     
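A constructed IOS configuration illustrating the point in post 6, added here as an example and not the poster's attached config: a match-all class-map combines an ACL for the three wanted ports with 'match protocol tcp', so inspection applies only to those ports and class-default drops everything else. Interface names (Vlan1, Dialer0), zone names and the ACL name are assumptions.

```cisco
! Constructed example; interface, zone and ACL names are assumptions.
! Only HTTPS, SMTP and TCP/3389 are inspected; all other traffic
! falls into class-default and is dropped (and logged).
ip access-list extended ALLOWED-TCP
 permit tcp any any eq 443
 permit tcp any any eq 25
 permit tcp any any eq 3389
!
! match-all: a flow must hit the ACL AND be TCP to be inspected.
! A bare 'match protocol tcp' on its own would inspect every TCP port.
class-map type inspect match-all CM-ALLOWED
 match access-group name ALLOWED-TCP
 match protocol tcp
!
policy-map type inspect PM-INSIDE-OUTSIDE
 class type inspect CM-ALLOWED
  inspect
 class class-default
  drop log
!
policy-map type inspect PM-OUTSIDE-INSIDE
 class type inspect CM-ALLOWED
  inspect
 class class-default
  drop log
!
zone security INSIDE
zone security OUTSIDE
!
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-OUTSIDE
zone-pair security OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUTSIDE-INSIDE
!
interface Vlan1
 zone-member security INSIDE
interface Dialer0
 zone-member security OUTSIDE
```

Traffic to and from the router's own self zone is permitted by default, but as soon as a zone-pair involving self exists its service-policy must explicitly pass or inspect the management traffic you still need, otherwise it is dropped. After applying the policy, 'show policy-map type inspect zone-pair' shows which class each flow is landing in.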
  7. jonny7_2002

    jonny7_2002 Byte Poster

    Post the config and I'll take a look.
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when it's out)
